patch-2.4.25 linux-2.4.25/net/ipv4/netfilter/ip_conntrack_amanda.c
Next file: linux-2.4.25/net/ipv4/netfilter/ip_conntrack_core.c
Previous file: linux-2.4.25/net/ipv4/igmp.c
Back to the patch index
Back to the overall index
- Lines: 272
- Date:
2004-02-18 05:36:32.000000000 -0800
- Orig file:
linux-2.4.24/net/ipv4/netfilter/ip_conntrack_amanda.c
- Orig date:
2003-06-13 07:51:39.000000000 -0700
diff -urN linux-2.4.24/net/ipv4/netfilter/ip_conntrack_amanda.c linux-2.4.25/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -18,13 +18,13 @@
*
*/
+#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <net/checksum.h>
#include <net/udp.h>
-#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
@@ -36,176 +36,96 @@
MODULE_PARM(master_timeout, "i");
MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
-DECLARE_LOCK(ip_amanda_lock);
-struct module *ip_conntrack_amanda = THIS_MODULE;
-
-#define MAXMATCHLEN 6
-struct conn conns[NUM_MSGS] = {
- {"DATA ", 5},
- {"MESG ", 5},
- {"INDEX ", 6},
+static struct { char *match; int len; } conns[] = {
+ { "DATA ", 5},
+ { "MESG ", 5},
+ { "INDEX ", 6},
};
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
+#define NUM_MSGS 3
-/* FIXME: This should be in userspace. Later. */
static int help(const struct iphdr *iph, size_t len,
- struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+ struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
+ struct ip_conntrack_expect exp;
+ struct ip_ct_amanda_expect *exp_amanda_info;
struct udphdr *udph = (void *)iph + iph->ihl * 4;
u_int32_t udplen = len - iph->ihl * 4;
u_int32_t datalen = udplen - sizeof(struct udphdr);
char *data = (char *)udph + sizeof(struct udphdr);
- char *datap = data;
- char *data_limit = (char *) data + datalen;
- int dir = CTINFO2DIR(ctinfo);
- struct ip_ct_amanda *info =
- (struct ip_ct_amanda *)&ct->help.ct_ftp_info;
-
- /* Can't track connections formed before we registered */
- if (!info)
- return NF_ACCEPT;
-
- /* increase the UDP timeout of the master connection as replies from
- * Amanda clients to the server can be quite delayed */
- ip_ct_refresh(ct, master_timeout * HZ);
+ char *data_limit = data + datalen;
+ char *start = data, *tmp;
+ int i;
- /* If packet is coming from Amanda server */
- if (dir == IP_CT_DIR_ORIGINAL)
+ /* Only look at packets from the Amanda server */
+ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
return NF_ACCEPT;
- /* Not whole UDP header? */
if (udplen < sizeof(struct udphdr)) {
- printk("ip_conntrack_amanda_help: udplen = %u\n",
- (unsigned)udplen);
+ if (net_ratelimit())
+ printk("amanda_help: udplen = %u\n", udplen);
return NF_ACCEPT;
}
- /* Checksum invalid? Ignore. */
- if (csum_tcpudp_magic(iph->saddr, iph->daddr, udplen, IPPROTO_UDP,
- csum_partial((char *)udph, udplen, 0))) {
- DEBUGP("ip_ct_talk_help: bad csum: %p %u %u.%u.%u.%u "
- "%u.%u.%u.%u\n",
- udph, udplen, NIPQUAD(iph->saddr),
- NIPQUAD(iph->daddr));
+ if (udph->check &&
+ csum_tcpudp_magic(iph->saddr, iph->daddr, udplen, IPPROTO_UDP,
+ csum_partial((char *)udph, udplen, 0)))
return NF_ACCEPT;
- }
+
+ /* increase the UDP timeout of the master connection as replies from
+ * Amanda clients to the server can be quite delayed */
+ ip_ct_refresh(ct, master_timeout * HZ);
- /* Search for the CONNECT string */
- while (data < data_limit) {
+ /* Search for "CONNECT " string */
+ do {
+ if (data + 8 >= data_limit)
+ return NF_ACCEPT;
if (!memcmp(data, "CONNECT ", 8)) {
+ data += 8;
break;
}
data++;
- }
- if (memcmp(data, "CONNECT ", 8))
- return NF_ACCEPT;
+ } while(1);
- DEBUGP("ip_conntrack_amanda_help: CONNECT found in connection "
- "%u.%u.%u.%u:%u %u.%u.%u.%u:%u\n",
- NIPQUAD(iph->saddr), htons(udph->source),
- NIPQUAD(iph->daddr), htons(udph->dest));
- data += 8;
- while (*data != 0x0a && data < data_limit) {
-
- int i;
-
- for (i = 0; i < NUM_MSGS; i++) {
- if (!memcmp(data, conns[i].match,
- conns[i].matchlen)) {
-
- char *portchr;
- struct ip_conntrack_expect expect;
- struct ip_ct_amanda_expect
- *exp_amanda_info =
- &expect.help.exp_amanda_info;
-
- memset(&expect, 0, sizeof(expect));
-
- data += conns[i].matchlen;
- /* this is not really tcp, but let's steal an
- * idea from a tcp stream helper :-)
- */
- // XXX expect.seq = data - datap;
- exp_amanda_info->offset = data - datap;
-// XXX DEBUGP("expect.seq = %p - %p = %d\n", data, datap, expect.seq);
-DEBUGP("exp_amanda_info->offset = %p - %p = %d\n", data, datap, exp_amanda_info->offset);
- portchr = data;
- exp_amanda_info->port =
- simple_strtoul(data, &data, 10);
- exp_amanda_info->len = data - portchr;
-
- /* eat whitespace */
- while (*data == ' ')
- data++;
- DEBUGP ("ip_conntrack_amanda_help: "
- "CONNECT %s request with port "
- "%u found\n", conns[i].match,
- exp_amanda_info->port);
-
- LOCK_BH(&ip_amanda_lock);
-
- expect.tuple = ((struct ip_conntrack_tuple)
- { { ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip,
- { 0 } },
- { ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip,
- { htons(exp_amanda_info->port) },
- IPPROTO_TCP }});
- expect.mask = ((struct ip_conntrack_tuple)
- { { 0, { 0 } },
- { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }});
-
- expect.expectfn = NULL;
-
- DEBUGP ("ip_conntrack_amanda_help: "
- "expect_related: %u.%u.%u.%u:%u - "
- "%u.%u.%u.%u:%u\n",
- NIPQUAD(expect.tuple.src.ip),
- ntohs(expect.tuple.src.u.tcp.port),
- NIPQUAD(expect.tuple.dst.ip),
- ntohs(expect.tuple.dst.u.tcp.port));
- if (ip_conntrack_expect_related(ct, &expect) ==
- -EEXIST) {
- ;
- /* this must be a packet being resent */
- /* XXX - how do I get the
- * ip_conntrack_expect that
- * already exists so that I can
- * update the .seq so that the
- * nat module rewrites the port
- * numbers?
- * Perhaps I should use the
- * exp_amanda_info instead of
- * .seq.
- */
- }
- UNLOCK_BH(&ip_amanda_lock);
- } /* if memcmp(conns) */
- } /* for .. NUM_MSGS */
- data++;
- } /* while (*data != 0x0a && data < data_limit) */
+ memset(&exp, 0, sizeof(exp));
+ exp.tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
+ exp.tuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ exp.tuple.dst.protonum = IPPROTO_TCP;
+ exp.mask.src.ip = 0xFFFFFFFF;
+ exp.mask.dst.ip = 0xFFFFFFFF;
+ exp.mask.dst.protonum = 0xFFFF;
+ exp.mask.dst.u.tcp.port = 0xFFFF;
+
+ exp_amanda_info = &exp.help.exp_amanda_info;
+ for (i = 0; data + conns[i].len < data_limit && *data != '\n'; data++) {
+ if (memcmp(data, conns[i].match, conns[i].len))
+ continue;
+ tmp = data += conns[i].len;
+ exp_amanda_info->offset = data - start;
+ exp_amanda_info->port = simple_strtoul(data, &data, 10);
+ exp_amanda_info->len = data - tmp;
+ if (exp_amanda_info->port == 0 || exp_amanda_info->len > 5)
+ break;
+
+ exp.tuple.dst.u.tcp.port = htons(exp_amanda_info->port);
+ ip_conntrack_expect_related(ct, &exp);
+ if (++i == NUM_MSGS)
+ break;
+ }
return NF_ACCEPT;
}
static struct ip_conntrack_helper amanda_helper;
-static void fini(void)
+static void __exit fini(void)
{
- DEBUGP("ip_ct_amanda: unregistering helper for port 10080\n");
ip_conntrack_helper_unregister(&amanda_helper);
}
static int __init init(void)
{
- int ret;
-
- memset(&amanda_helper, 0, sizeof(struct ip_conntrack_helper));
amanda_helper.tuple.src.u.udp.port = htons(10080);
amanda_helper.tuple.dst.protonum = IPPROTO_UDP;
amanda_helper.mask.src.u.udp.port = 0xFFFF;
@@ -213,23 +133,12 @@
amanda_helper.max_expected = NUM_MSGS;
amanda_helper.timeout = 180;
amanda_helper.flags = IP_CT_HELPER_F_REUSE_EXPECT;
- amanda_helper.me = ip_conntrack_amanda;
+ amanda_helper.me = THIS_MODULE;
amanda_helper.help = help;
amanda_helper.name = "amanda";
- DEBUGP("ip_ct_amanda: registering helper for port 10080\n");
-
- ret = ip_conntrack_helper_register(&amanda_helper);
-
- if (ret) {
- printk("ip_ct_amanda: ERROR registering helper\n");
- fini();
- return -EBUSY;
- }
- return 0;
+ return ip_conntrack_helper_register(&amanda_helper);
}
-EXPORT_SYMBOL(ip_amanda_lock);
-
module_init(init);
module_exit(fini);
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)